On 1/4/2012 1:31 PM, Mark Stone wrote: > > I guess my first question would be: "If this is such a great idea, why isn't > it already > being done elsewhere?".
It is... that's precisely what most packagers do, they ship out their pgp keys and have the user add this to their web of trust in order to accept packages for the new version / validated by the new pgp key. On windows, it isn't... I think nobody's had the balls to replace the root chain. I half expect a long rant from Gibson explaining how CoApp seeks to eliminate all the security from the internet :-P Brilliant Garrett, as the 'umbrella' of a distinct 'environment', it seems entirely sensible to inject a root key and treat this a WoT. If we have the capacity, it would be helpful to inject the OCSP authority and set up an OCSP responder. Of course code signing and revocation all mean nothing with system services at startup time, prior to having a useful network stack. _______________________________________________ Mailing list: https://launchpad.net/~coapp-developers Post to : coapp-developers@lists.launchpad.net Unsubscribe : https://launchpad.net/~coapp-developers More help : https://help.launchpad.net/ListHelp
